Total
742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1248 | 1 Rsa | 1 Authentication Manager | 2018-06-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains. | |||||
| CVE-2017-18262 | 1 Blackboard | 1 Blackboard Learn | 2018-06-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | |||||
| CVE-2018-10678 | 1 Mybb | 1 Mybb | 2018-06-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks. | |||||
| CVE-2017-5571 | 1 Flexerasoftware | 1 Flexnet Publisher | 2018-05-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2018-10100 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2018-05-18 | 5.8 MEDIUM | 6.1 MEDIUM |
| Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. | |||||
| CVE-2017-0364 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | |||||
| CVE-2017-0363 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites. | |||||
| CVE-2018-8813 | 1 Wolfcms | 1 Wolf Cms | 2018-05-10 | 4.9 MEDIUM | 4.8 MEDIUM |
| Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL. | |||||
| CVE-2016-0204 | 1 Ibm | 1 Cloud Orchestrator | 2018-05-02 | 5.8 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2018-8937 | 1 Open-audit | 1 Open-audit | 2018-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code. | |||||
| CVE-2018-1220 | 1 Emc | 1 Rsa Archer | 2018-03-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users. | |||||
| CVE-2017-6932 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2018-03-22 | 5.8 MEDIUM | 4.7 MEDIUM |
| Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site. | |||||
| CVE-2018-6324 | 1 F-secure | 1 Radar | 2018-03-15 | 5.8 MEDIUM | 6.1 MEDIUM |
| F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. | |||||
| CVE-2017-8945 | 1 Hp | 1 Icewall Federation Agent | 2018-03-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found. | |||||
| CVE-2017-18178 | 1 Progress | 1 Sitefinity | 2018-03-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1. | |||||
| CVE-2016-0329 | 1 Ibm | 1 Emptoris Sourcing | 2018-02-16 | 4.9 MEDIUM | 5.4 MEDIUM |
| Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692. | |||||
| CVE-2018-6520 | 1 Simplesamlphp | 1 Simplesamlphp | 2018-02-15 | 5.8 MEDIUM | 6.1 MEDIUM |
| SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | |||||
| CVE-2017-2166 | 1 Groupsession | 1 Groupsession | 2018-02-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2018-6200 | 1 Vbulletin | 1 Vbulletin | 2018-02-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | |||||
| CVE-2017-11879 | 1 Microsoft | 1 Asp.net Core | 2018-02-01 | 4.3 MEDIUM | 8.8 HIGH |
| ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". | |||||